Openvpn – rsync over vpn (not ssh)

openvpnrsync

I'd like to use rsync over openvpn to copy some files as root from one server to another, all on the same LAN (i.e., not over the Internet). Both servers are running Wheezy. I could do this over ssh, but I'd prefer not to because I want to keep ssh root access disabled. The VPN is working – e.g., from the client I can successfully ping the server's openvpn IP (and I can connect over the Internet using the VPN ip and VNC, though again for this use case I want to copy files on my LAN behind my firewall). However, when I try rsync, I get an error "connection over port 22 refused". Q: is this a problem with my rsync syntax and what syntax should I use, or with this approach do I need to setup the rsync daemon on the server? Rsync without the daemon seems to assume the use of ssh.

Thanks!

Best Answer

This page has a pretty decent (and brief) description of the steps you need to take on Debian Wheezy.

http://www.server-world.info/en/note?os=Debian_7.0&p=rsync

Note that when you're using the rsync daemon (as opposed to rsync over ssh) you use hostname::sharename syntax to (in the example on that page the rsync share is "site").

So you'd run rsync -avz hostname::sharename or similar from the client.

You probably want to use hosts.allow to permit only specific IP addresses. If you want username/password logins as well add this to your share definition in rsyncd.conf:

   auth users = user
   secrets file = /etc/rsyncd.secrets

and then create an /etc/rsyncd.secrets

username:password

and then

chmod 600 /etc/rsyncd.secrets

Related Solutions

Rsync in Daemon-Over-SSH Mode – Troubleshooting

There seems to be a bug in the documentation or the implimentation of rsync. man rsync says:

Rsync supports connecting to a host using a remote shell and then spawning a single-use “daemon” server that expects to read its config file in the home dir of the remote user.

but when connecting to root, according to /var/log/messages, it was looking in /etc/rsyncd.conf for the config file (the standard location for an rsyncd.conf file when not used over SSH.

I had to force the ssh server to use the right config file by adding

command="rsync --config=/root/rsyncd.conf --server --daemon ."

to /root/.ssh/authorized_keys.

The reason I didn't just put the config in the default location is that I didn't want someone to accidentally start a normal rsync daemon - I only want a daemon to have this much access when it has got the correct ssh key.

Linux – Copying a large directory tree locally? cp or rsync

I would use rsync as it means that if it is interrupted for any reason, then you can restart it easily with very little cost. And being rsync, it can even restart part way through a large file. As others mention, it can exclude files easily. The simplest way to preserve most things is to use the -a flag – ‘archive.’ So:

rsync -a source dest

Although UID/GID and symlinks are preserved by -a (see -lpgo), your question implies you might want a full copy of the filesystem information; and -a doesn't include hard-links, extended attributes, or ACLs (on Linux) or the above nor resource forks (on OS X.) Thus, for a robust copy of a filesystem, you'll need to include those flags:

rsync -aHAX source dest # Linux
rsync -aHE source dest  # OS X

The default cp will start again, though the -u flag will "copy only when the SOURCE file is newer than the destination file or when the destination file is missing". And the -a (archive) flag will be recursive, not recopy files if you have to restart and preserve permissions. So:

cp -au source dest

Best Answer

Related Solutions

Rsync in Daemon-Over-SSH Mode – Troubleshooting

Linux – Copying a large directory tree locally? cp or rsync

Related Topic